Mutual Authentication. In the proposed protocol, the goal of mutual authentication was to ensure that MU and HA are legitimate and to establish an agreed-upon session key between MU and FA for further communications.
Mutual Authentication. U With the received request message {EU, AIDU, hU, t1} U sent, GWN can compute N′ = dGWN EU = (N(x)′ , N(y)′ ) to get the values MU and KU and checks the validity of U via the equivalence U U U hU = h′ . After receiving the message {EU, EGWN, MGWN, hGWN, t2, t1} from GWN, the sensor U GWN GWN node S could obtain the values KGWN and N(x)′ and then computes h′ = H1 K′ IDS t2 GWN to verify the validity of GWN via the equivalence hGWN = h′ . Once receiving the message S S S {ES, t3, hS, AuthS} from S, GWN computes K′ and h′ = H1 K′ IDS t3 to check the validity S of S via the equivalence h′ = hS. Then, GWN sends message {ES, t3, t4, AuthS, AuthGWN} to U GWN U S U and U computes skU = (rU + N(x))ES, Auth′ = H1(dU EGWN M′ t4) and Auth′ = GWN H1(skU t3) and checks the validity of GWN and S by the equivalence Auth′ = AuthGWN and S Auth′ = AuthS. If the above verification processes are successfully completed, our protocol provides mutual authentication.
Mutual Authentication. A According to lemma 1, no polynomial probability time adversary can fake a legal login or response information. Therefore, cloud service providers participating in the negotiation can authenticate each other by verifying the signed messages. So, the proposed PCAKA protocol supports the mutual authentication. Session Key Agreement. j j j According to the protocol specification, both the parties involved in the key negotiation process construct a session key using their own known information (without disclosing private information). For example, Ci finds out R' = Aj +(βj · P ) +(αj · Ppub), X' = γj · R' by the message Based on the above security analysis, the proposed PCAKA protocol provides mutual authentication between Ci and Cj. That is to say, no adversary can deceive either side. Thus, our scheme can resist man-in-the-middle attack. Impersonation attack. Based on the above analysis, we know that no PPT adversary A can forge a legal login information or a (σj, Vj, T 1) received from Cj and the known information. Thus the session key ski = H4(pidi, pidj, Ri, Rj, xi · X' , T 1) corresponding response message, if it doesn’t have the secure key of Ci or Cj. Thus, the PCAKA protocol can also resist is calculated. In the same way, j j impersonation attack. Cj figure out i j skj = X0(xxxx, xxxx, Xx, Xx, xx · X' , T 1). According to section 4,however,Xi = X' (Xj = X' ), Tampering attack. ' ' i j According to our proposed protocol, γi is the core of the · · · · xi Xj = xi xj P = xj Xi . We can obtain ski = skj. Thus, the proposed PCAKA scheme supports session key negotiation.
Mutual Authentication. According to Theorem 1, the pro- posed protocol is MA-secure that any polynomial adversary cannot forge a valid logic authenticator on a user’s side or forge a valid response authenticator on the server’s side. Therefore, the proposed protocol can support mutual authentication. Session Key Agreement: According to correctness analysis, both of the two communicating parties can compute a session key with the equal value to h4(IDi, IDS, ϕ, w), which will be used to encrypt the transmitted message in future commu- nications. Moreover, the Theorem 2 proves that the proposed protocol is AKA-secure. Therefore, the proposed protocol can support session key agreement. Two-factor Security: According to the Lemma 3 and Lemma 4, even if an adversary can controlled one of the two device DAi or DBi and obtain the partial private key stored in the corresponding mobile device, he/she cannot impersonate the user to generate a valid login authenticator that can pass the server’s authentication. Therefore, the proposed protocol can provide two-party security. User Anonymity: According the description of the proposed protocol, the real identity of user Ui is masked by AIDi = ⊕
Mutual Authentication. In our proposed protocol, both the UAV and the service provider (USP) can authen- scenarios for UAVs, the drones collect important and sensitive information from the deployed environment and sends this information to the control center. To ensure privacy of the data, some applications may require the drone to encrypt the data by using a secret key (stored in drone’s memory). However, a Table III SECURITY FEATURE’S COMPARISON OF PROPOSED SCHEME WITH RESPECT TO TIAN ET AL.’S SCHEME[15] Security Features Tian et al. [15] Zhang et al. [16] Srinivas et al. [17] Proposed Scheme Mutual Authentication Yes No Yes Yes Anonymity Yes Yes Yes Yes Security Against Forgery Attacks Yes Yes Yes Yes Location Threat No No No Yes Req. of Clock Synchronization Yes Yes Yes No Physical Security of the UAV No No No Yes Table IV PERFORMANCE COMPARISON BASED ON COMPUTATION, COMMUNICATION, AND STORAGE COST Cost Tian et al. [15] Proposed Scheme Computation Cost at UAV Etm + Eta + Eth c 33.77 ms 2Etp + 6Eth c 4.76 ms Computation Cost at USP Etse + Etm + 2Eth c 17.96 ms 7Eth c 0.20 ms Communication Cost 916 bytes 224 bytes Storage Cost at the UAV 296 bytes 96 bytes drone may experience a range of natural or adversarial condi- tions which can compromise it physical security. For example, an UAV may be involved in an accident or component failure which leads to a crash and the drone may eventually be found by the adversary. Similarly, an adversary may shoot down the UAV and physically capture it. An adversary can then obtain the secret key from the memory of the drone, and thus gain access to the encrypted data stored in the UAV. In the proposed scheme, an UAV does not store any secret keys in its memory. Therefore, even if an adversary physically captures the drone, he/she cannot get any secrets from the UAV’s memory. Besides, if the adversary attempts to do any physical tampering on the drone’s hardware, then the behavior of the PUFs will be changed and they will not generate the intended response. Therefore, the USP will be able to reject authentication attempts by UAVs with tampered hardware and the proposed protocol can ensure security against physical attacks on UAVs. In addition, since PUFs also provide the properly of uncloneability, the adversary cannot create a copy of the PUFs attached with the UAV.
Mutual Authentication. The enhanced scheme provides mutual authentication because legitimate participants verify each other, ensuring strong mutual authentication. This property secures our protocol and allows for the early detection of potential attacks such as replay attacks.
Mutual Authentication. The proposed scheme provides mutual authentication. Suppose if 𝒟ℛ𝒩𝑢 dispatches the Ciphertext 𝚿1 = ( NON𝑒𝑢 , Ω𝑢, 𝚲𝑢, 𝒷𝑢, 𝒳𝑢, 𝒞𝓇𝑢) to 𝒟ℛ𝒩�� . After receiving the key 𝛹1, 𝒟ℛ𝒩v performs the following computations:
Mutual Authentication. In the proposed scheme, S authenticates Ui by checking the validity of M3 in the access request. We have shown that the proposed scheme can preserve user anonymity, so Ui’s identity IDi is even secured to the server S but only exposed h(IDi) to S. We have proved that the proposed scheme can resist user impersonation attack. Therefore, it is impossible for an adversary to forge messages to masquerade as Xx in the proposed scheme. To pass the authentication of S, the smart card first needs to take Ui’s identity IDi and password PWi to get through the verification in Step L2 of the login phase. In this Section, we have shown that the proposed scheme can resist offline password guessing attack. Therefore, only the legal user Ui who owns correct IDi and PWi can pass the authentication of S. On the other hand, Ui authenticates S by explicitly checking whether the other party communicating with can compute the valid M2 or not. Since MS does not know the values of IDi corresponding to Ui and x corresponding to S, only the legitimate S could compute the correct M2=h(SK W C1). From the above analysis, we conclude that the proposed scheme can achieve mutual authentication.
Mutual Authentication. The proposed scheme provides mutual authentication. Suppose if ℛ dispatches the Ciphertext Ψ1 = ( NON , Ω, Λ, , , ) to ℛ . After receiving the key 1, Xx performs the following computations:
Mutual Authentication. In above section, we prove that A can generate the session key SK successfully, and impersonate the legitimate vehicle. Therefore, the protocol of Xxxxxxxxx et al. cannot achieve key agreement and mutual authentication.
